DETAILED ACTION
This final action is in response to amendment filed on 11 June 2021. In this amendment, claims 1, 9 and 17 have been amended, and claims 2, 10 and 18 have canceled. Claims 1, 3, 5-9, 11, 13-17, 19 and 21-24 are pending, of which claims 1, 9, and 17 are independent claims. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
This application claims the benefit of the following U.S. Provisional Application Nos.: 62/681,279, filed on 06 June 2018; 62/737,558, filed on 27 September 20I8; and 62/817,943 filed on 13 March 2019.

Response to Arguments
Claim Objection
Claim Objections have been withdrawn in view of amended claim.
35 U.S.C. § 103 Rejections
Applicants’ arguments, with regards to claims 1-19, have been fully considered but they are not persuasive.
In the response filed on 11 June 2021, applicant argues in substance that:
, including utilizing at least one application program interface to access at least one of the plurality of deployed security-relevant subsystems.”
The examiner respectfully disagrees. Navas teaches APIs (application programming interfaces) that enable a user to send query to LE server for obtaining data from data source such as ERP 450 and CRM 460 (corresponding to security-relevant subsystems). The LE server then accesses (establishes connectivity) and obtains data from the ERP 450 and CRM 460 (see Navas Fig. 4 and pars. 103-104). Thus, the computing device utilizes API to provide a query to LE server to access (establish connectivity to) ERP 450 and CRM 460 (corresponding to security-relevant subsystems) for obtaining queried data. It appears that the applicant interpreted the API as API Gateway as indicated in paragraph 155. However, such element is not recited in the current claim. Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. Examiner suggests clarifying the claim to recite the API Gateway to overcome current rejection of claim 1.  
Since the argument of claim 1 is not persuasive, other claims’ arguments that rely on the argument above are also not persuasive.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole 


Claims 1, 6, 8-9, 14, 16-17, 22 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Navas (US 2010/0125574, published 2010) and Satish et al. (US 2016/0164919, published 2016).
As per claim 1, Navas discloses a computer-implemented method (Navas method illustrated in Fig. 7), executed on a computing device (see Navas par. 126, embodiments of the invention can be implemented on computing system 1100), comprising: 
obtaining consolidated platform information for a computing platform to identify a plurality of deployed security-relevant subsystems (see Navas Fig. 4, obtaining information to identify data source ERP 450 and CRM 460 for establishing connection); 
establishing connectivity with the plurality of deployed security-relevant subsystems within the computing platform (see Navas Fig. 4, establish connection with data source ERP 450 and CRM 460), including utilizing at least one application program interface to access at least one of the plurality of deployed security-relevant subsystems (Navas par. 104, System 1000 may include multiple APIs (application programming interfaces) that enable a user to interact with LE server 1002; see Navas Fig. 4, user provides query to LE node to access ERP 450 and CRM 460), the plurality of deployed security-relevant subsystems including one or more of Content Delivery Network systems, Database Activity Monitoring systems (see Navas par. [0072]. ERP 450 includes database for event data A and C), Mobile Device Management systems, 
receiving a unified query from a third party (see Navas Fig. 4, receiving query 412 from user 410); 
distributing at least a portion of the unified query to the plurality of deployed security-relevant subsystems (see Navas Fig. 4, distributing components of Query 412 to ERP 450 and CRM 460); 
effectuating at least a portion of the unified query on each of the plurality of deployed security-relevant subsystems (see Navas Fig. 4, ERP 450 and CRM 460 processing components of Query 412); 
obtaining at least one security-relevant information set from each of the plurality of deployed security-relevant subsystems, thus defining a plurality of security-relevant information sets (Navas Fig. 7, Event Data Source Returns (Component) Query Response at 722; Navas par. 54, event types include changes or incidents in the IT (information technology) infrastructure); 
combining the plurality of security-relevant information sets to form an aggregated security-relevant information set for the computing platform (Navas Fig. 7, Event Server Combines Responses For Separate Query Component Responses at 724); 
enabling the third-party access to the aggregated security-relevant information set including initial security-relevant information (Navas par. 94, The event server returns the response to the user, 726. The user system may receive an actionable, real-
Navas does not explicitly disclose:
allowing the third party to manipulate the initial security-relevant information with automation information including: 2Appl. No.: 16/432,733Page 3 of 12 Amendment Dated: 11 June 2021Attorney Docket No.: 122680.00034 Reply to Office Action of: 12 March 2021 
allowing the third party to select automation information to add to the initial security-relevant information, including allowing the third party to select a specific type of automation information from a plurality of automation information types to add to the initial security-relevant; and 
generating revised security-relevant information based upon, at least in part, the initial security-relevant information and the automation information.  
Satish teaches:
allowing the third party to manipulate the initial security-relevant information with automation information (See Satish paras. [0027-0028]. Allowing the administrator to add (e.g., blocking [automation information]) to IP address related to the source of the threat [initial security-relevant information]) including: 
allowing the third party to select automation information to add to the initial security-relevant information (See Satish paras. [0027-0028]. Allowing the administrator to add (e.g., blocking [automation information]) to IP address related to the source of the threat [initial security-relevant information]), including allowing the third party to select a 2Appl. No.: 16/432,733Page 3 of 12 specific type of automation information from a plurality of automation information types (See Satish par. 27. Allowing the administrator to select an action (e.g., blocking particular IP addresses 
generating revised security-relevant information based upon, at least in part, the initial security-relevant information and the automation information (See Satish paras. [0027-0028]. Generate action selection (e.g., blocking [automation information] IP address related to the source of the threat [initial security-relevant information]).  
It would have been obvious to one skilled in the art at the time of effective filing date of the claimed invention to modify the method of Navas with the teaching of Satish for allowing the third party to select automation information to add to the initial security-relevant information, including allowing the third party to select a  specific type of automation information from a plurality of automation information types to add to the initial security-relevant; and generating revised security-relevant information based upon, at least in part, the initial security-relevant information and the automation information. One of ordinary skilled in the art would have been motivated because it offers the advantage of allowing administrator to take appropriate actions regarding identified security incident information.



As per claim 8, Navas-Satish discloses the computer-implemented method of claim 1. Navas further discloses wherein the plurality of deployed security-relevant subsystems includes one or more of: 
a data lake; 
a data log (Navas par. 26, The data sources may be any subsystem (e.g., supply chain management (SCM), enterprise resource planning (ERP), human resources, customer relations management (CRM), information technology (IT), etc.), database, or other element within the enterprise that implements a change to one or more objects); 3Appl. No.: 16/432,733Page 4 of 12 
a security-relevant software application; 
a security-relevant hardware system; and 
a resource external to the computing platform.  

Claims 9, 14 and 16 are computer program product claims reciting similar subject matters to those recited in the method claims 1, 6 and 8 respectively, and are rejected under similar rationale. 
Navas further discloses a computer program product comprising a non-transitory computer readable medium having a plurality of instructions stored thereon which, when 

Claims 17, 22 and 24 are system claims reciting similar subject matters to those recited in the method claims 1, 6 and 8 respectively, and are rejected under similar rationale. 
Navas further discloses a computing system (Navas Fig. 11, computing system 1100) including a processor (Navas Fig. 11, processor 1110) and memory configured to perform operations (Navas Fig. 11, memory 1120).

Claims 3, 5, 11, 13, 19 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Navas (US 2010/0125574, published 2010), Satish et al. (US 2016/0164919, published 2016) and Suit et al. (US 20100077078, published 2010).
As per claim 3, Navas-Satish discloses the computer-implemented method of claim 1. Navas discloses combining the plurality of security-relevant information sets to form an aggregated security-relevant information set (Navas Fig. 7, Event Server Combines Responses For Separate Query Component Responses at 724).
Navas-Satish does not explicitly disclose:
homogenizing the plurality of security-relevant information sets to form the aggregated security-relevant information set.  
Linde teaches:

It would have been obvious to one skilled in the art at the time of effective filing date of the claimed invention to further modify the method of Navas with the teaching of Linde for homogenizing the plurality of security-relevant information sets to form the aggregated security-relevant information set. One of ordinary skilled in the art would have been motivated because it offers the advantage of providing uniform data for better viewing and analysis.

As per claim 5, Navas-Satish discloses the computer-implemented method of claim 1. Navas-Satish does not explicitly disclose:
enabling third-party searching of the aggregated security-relevant information set.  
Linde teaches:
enabling third-party searching of the aggregated security-relevant information set (Linde par. 96, the aggregated data flows may further be manipulated or filtered based on user defined inputs or other search criteria).  
It would have been obvious to one skilled in the art at the time of effective filing date of the claimed invention to further modify the method of Navas with the teaching of Linde for enabling third-party searching of the aggregated security-relevant information set. One of ordinary skilled in the art would have been motivated because it offers the 

Claims 11 and 13 are computer program product claims reciting similar subject matters to those recited in the method claims 3 and 5 respectively, and are rejected under similar rationale.

Claims 19 and 21 are system claims reciting similar subject matters to those recited in the method claims 3 and 5 respectively, and are rejected under similar rationale.

Claims 7, 15 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Navas (US 2010/0125574, published 2010), Satish et al. (US 2016/0164919, published 2016) and Suit et al. (US 20100077078, published 2010).
As per claim 7, Navas-Satish discloses the computer-implemented method of claim 1. Navas-Satish does not explicitly disclose:
the plurality of security-relevant information sets utilize a plurality of different nomenclatures.  
Suit teaches:
the plurality of security-relevant information sets utilize a plurality of different nomenclatures (Suit par. 44, the agent normalizes information collected from the node, with respect, for example, to the type of operating system associated with the node. For 
It would have been obvious to one skilled in the art at the time of effective filing date of the claimed invention to further modify the method of Navas with the teaching of Suit for the plurality of security-relevant information sets utilize a plurality of different nomenclatures. One of ordinary skilled in the art would have been motivated because it offers the advantage of allowing system to process data from different sources having different nomenclature.

Claim 15 is computer program product claim reciting similar subject matters to those recited in the method claim 7, and is rejected under similar rationale.

Claim 23 system claim reciting similar subject matters to those recited in the method claim 7, and is rejected under similar rationale.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20160119365 A1; System And Method For A Cyber Intelligence Hub
The present invention generally relates to cyber security, and more particularly to a system and method to provide pre-emptive information by means of a cyber intelligence hub (CIH) that will enable organizations to deal with future risks in a proactive manner, prior to their materialization.

Aspects of the present disclosure relate to network security data collection, aggregation, and analysis, among other functions, and more particularly to the generation of network threat intelligence, including reputation scores and profiles, based on network security data.
US 10397246 B2; System And Methods For Malware Detection Using Log Based Crowdsourcing Analysis
The invention relates to protecting computers and networks from malware attacks by analyzing event data logs obtained from a plurality of client networks representing a plurality of business units or customers.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR can be reached on (571)272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.